Target credit card breach may have originated with a small contractor

Fazio Mechanical Services, a small heating and refrigeration contractor based in Pittsburgh, says it was the victim of 'a sophisticated cyber attack operation.'

By
Matthew Shaer, Correspondent /
February 7, 2014

View video

A customer signs his credit card receipt at a Target store in Tallahassee, Fla.

AP

View photo

Late last year, Target revealed it had been targeted by a team of unknown hackers, who managed to gain access to the personal info (and credit card numbers) of 40 million customers. It was, as onlookers noted at the time, a "disaster," and the impetus for at least one lawsuit.

Today comes news that the breach may have originated with Fazio Mechanical Services, a small heating and refrigeration contractor based in Pittsburgh. In a statement this week, the company acknowledged its systems – which have a data connection with Target for the purposes of electronic billing – were likely exploited by hackers.

"Like Target, we are a victim of a sophisticated cyber attack operation," said Ross Fazio, the president of the company, in the statement. "We are fully cooperating with the Secret Service and Target to identify the possible cause of the breach and to help create proactive remedies to enhance the security of client/vendor connections make them less vulnerable to future breaches."

The Associated Press reports that the Secret Service is indeed investigating Fazio Mechanical. Target hasn't issued a statement, but likely will do so in the coming days.

In the meantime, if you suspect you've been affected by the breach, it may be worth heeding a set of instructions laid out back in January by Jose Pagliery of CNN Money. Among them: Be proactive in contacting Target, sign up for fraud monitoring, and try to get a grip on the number of sites that might be storing your card information (the last 4 digits of your card can be used by hackers to gain access to your accounts). Above all, be on your guard.

"If a person calls you, claims to be with your bank and says you've been affected by the Target hack, hang up. Then call the bank number on your credit card to resolve the issue," Mr. Pagliery writes. "Similarly, if you get an email that seems official, don't click on any links."